I'm probably going to catch hell for this, but here goes regardless.
>First, In-Defense is not purely heuristic technology; it's much better
>than that and supposedly very proprietary, a technique that no one else
>has used before. I downloaded a so-called 'white paper' from their site
>before (not sure if that is still available) which discussed their
>technology in fine detail.
I won't argue this as a) I did not look terribly deeply at their site;
and b) what I could find there was rather vague when discussing the
technology. I also agree that a purely heuristic approach would be
incomplete, something the major AV software manufacturers recognise.
However...
>Believe me, it works and doesn't cause false
>virus alerts.
Brian: I most certainly do not mean to be insulting, and mean no offence
whatsoever by this, but how can you be certain of their claims? It's
entirely possible that the software can throw up no false positives at
all and still be doing a lax job.
>In fact, it was tested by PCWorld and caught everything
>they threw at it, yet didn't cause false alerts either (can't remember
>which issue that was in, quite awhile ago, though).
Point taken. If it works, I most certainly will not argue against it,
and I'm not trying to pick a fight over it. However, I am skeptical
about it, mainly based upon my professional experience. As I said: I
would still like to see one of the independent clearinghouses for AV
software benchmark it and thus have a clear idea of its performance
against the mainstream packages. If it comes out well, that's fine by
me: I'm always happy to support good software. If not, I'd recommend
finding something else to rely on.
>As to the 'spyware' which was on my system that I eliminated with
>Opt-Out, I'd recommend that to anyone since that 'hidden' software has
>pretty well been proven to affect the performance and operation of
>internet browsing software, according to what I've read and
>experienced.
This much I would agree with (both on ethical and performance grounds),
at least as long as you are using a traditional analogue modem. I do
not condone unsolicited advertising in exchange for the use of free
software; similarly, the unsolicited exchange of personal or system
information is completely reprehensible. The corollary is that if
you're using an ISDN, cable, or xDSL connection, you may not notice a
performance hit as you have a sufficiently quick connection for the
information being relayed by the spyware to not noticeably impact the
quality of your connection.
>The back orifice probably wasn't detected by In-Defense on my system
>because it (In-Defense) was likely installed AFTER my computer became
>'infected' with the back orifice. That's one catch to
>In-defense--you've
>got to have a 'clean' computer when it's installed, so to be safe a
>person should run a good virus scanner on the PC first before
>installing.
This is what worries me. A good virus scanner should be able to run in
protected memory at installation and catch these things DURING
INSTALLATION. If In-Defense essentially required you to clean your PC
with another product prior to installation, it probably has other -
quite possibly more serious - shortcomings.
>Of course, I didn't do that, and apparently, the back
>orifice was lurking on it, and In-Defense didn't know it was something
>bad since it was there when it 'vaccinated' my system.
This is exactly my point. It did not catch something unwanted during
vaccination, and thus passed it as 'acceptable'. Again, please do not
rely on this particular piece of software.
>And, even though BO is a useful tool, there's absolutely no reason to
>have it on one's home PC when you're not part of a network.
Well... Two things spring to mind here.
1) Any time you create a connection to your ISP or on-line provider,
you are becoming part of a network - their network, which forms a part
of the Internet. I will not argue, however, that if it is there
unintentionally then it should be removed.
2) There are plenty of good reasons for having remote administration
software on your machine. Sending files from work (on the fast
connection) to home (on the slow connection) is just one of them.
Again, though, if you did not put it there it has no business being
there, a point I will not debate.
>It can only
>invite problems from 'crack' (as you call them.....), and I see no
>reason why it should be there.
I agree that there is no reason why it should be there unless you wanted
it to be, which you clearly didn't. I will not argue that point: it's
your machine; you have the right to decide what is and is not run on it.
Removing BO is, as far as I'm concerned, perfectly legitimate in your
case. You didn't ask for it to be there, nor did you want it to be
there.
However, there is one thing I would like you to consider for a moment
(playing devil's advocate): to the average cracker, what level of
interest does your computer really hold for them? Probably not a lot:
your IP (or, effectively, Internet) address changes every time you dial
up, making you more difficult to track than, say, whitehouse.gov, which
always has the same IP address.
Now, let's expand this out a bit further: I know that BO - by default -
operates on port 31337 (think of a port as a carrier pigeon's
cubby-hole) to communicate with the outside world. I could,
conceivably, scan your machine every time you connect to the Internet to
see if port 31337 is available for use by BO. However, in order to do
this, I would have to know your IP address every time you connect, which
is always changing. I'd also have to be certain that whoever infected
you hadn't changed BO's default port, as well as that I'm not scanning
*another* machine that has been 'infected' with BO.
Further still, I'd have to actually be interested in your computer as a
target. This would assume that there is something on there of
sufficient interest to me to target you in the first place. While I
might perhaps have the ability to read your personal email, peruse
various files you created, and possibly garner some bits of personal
information relating to you, what good does it really do me? You're one
person, not many. In many, conceivably, there is obscurity.
In short: I have to care enough about you to try to track you in the
first place. Doing this would be a lot of busywork. In some cases, it
would be easier (and far more profitable) to steal an entire database of
names and credit card numbers if I were so inclined and abuse those (not
that I would - I'm just making a point).
>Just my two cents, wanted to address your comment...........
You've made absolutely fair points, and I enjoy the discourse.
>sorry to the
>list for more Virus talk........but after all, everyone on this list is
>using a computer which could develop problems, and this topic will
>hopefully ensure people stay aware of their options when trying to keep
>their systems 'healthy'.......
I agree with Brian on this. Forewarned is forearmed.
- Cameron.
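The check Cameron's reasoning turns on, whether a listener is sitting on Back Orifice's default port on your own machine, as an added example that is not part of the original thread or of any product it mentions. It parses `netstat -an` style output (the Windows "Proto / Local Address / Foreign Address / State" layout is assumed) and flags sockets that accept unsolicited traffic on a watched port. The sample output is constructed, not captured from a real host, and the only port in the watch list is 31337 because that is the one the thread names; the comment in the code carries the same caveat the message does, that an infection may have been configured to use some other port.

```python
"""Flag listening sockets on ports associated with a known backdoor.

Added example, not code from the thread.  Assumes netstat output in the
Windows 'Proto  Local Address  Foreign Address  State' layout.
"""
import re

# Ports to watch.  31337 is the Back Orifice default named in the thread.
# The default can be changed by whoever installed it, so an empty result
# means only "default port not in use", never "not infected".
SUSPECT_PORTS = {31337}

# Constructed sample of `netstat -an` output (not from a real machine).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1052          207.46.130.45:80       ESTABLISHED
  UDP    0.0.0.0:31337          *:*
  UDP    10.0.0.5:137           *:*
"""

# proto, local address, local port, foreign address, optional state
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def parse_netstat(text):
    """Return (proto, local_addr, local_port, foreign, state) per socket line.

    Header and blank lines do not match the pattern and are skipped.
    """
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, laddr, lport, faddr, state = m.groups()
        rows.append((proto, laddr, int(lport), faddr, state or ""))
    return rows


def listening_sockets(rows):
    """Keep sockets that accept unsolicited input.

    TCP only when in LISTENING state; every UDP socket, since UDP has no
    connection state and any bound socket can receive a datagram.
    """
    return [r for r in rows
            if (r[0] == "TCP" and r[4] == "LISTENING") or r[0] == "UDP"]


def find_suspect_listeners(text, ports=SUSPECT_PORTS):
    """Listening sockets whose local port is in the watch list."""
    return [r for r in listening_sockets(parse_netstat(text)) if r[2] in ports]


if __name__ == "__main__":
    hits = find_suspect_listeners(SAMPLE_NETSTAT)
    for proto, laddr, lport, _faddr, _state in hits:
        print(f"suspect listener: {proto} {laddr}:{lport}")
    if not hits:
        print("no listener on a watched port (the port may have been changed)")
```

Run it against the real output of `netstat -an` by reading stdin or a saved file instead of `SAMPLE_NETSTAT`; a hit tells you something is bound to the port, not what it is, so follow it up by identifying the owning process before deciding anything.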
This archive was generated by hypermail 2b29 : Fri 21 Apr 2000 - 08:46:46 UTC